Cross Platform remote IM vulnerability / DOS
Forewarning: this has not been thoroughly tested, but it has been tested on
Pidgin on several Windows distros and on Mac OS X running the Adium client. The Mac
Adium client doesn't freeze up but is still vulnerable to the string and repeats
it back without the user seeing it occurring. I've been very busy the last few years
and don't have time to follow up or test this further; glad the list still exists,
apologies for the incompleteness. Use at your own risk, and please don't use it to
pester others!
There is a string of characters which, when entered into an AIM conversation
window with another user, will cause that user's client to repeat the same string of
characters back to you; at the least this could be used to eat up bandwidth.
The interesting thing is that when you send the instant message containing the
string, the other party doesn't see it or their reply back to you containing the
same string; it is totally invisible on the screen. You could launch an attack on
someone and it wouldn't open a popup IM box: transparent.
------------example--------------------
userB: ok im going to send you the string, tell me if you receive anything in
the im window.
userB: userA:
?OTR:AAICAAAAxLWYQllUFJTneF0uBhdCjKyvAbB/q2HvyEG8nBmUlztLw0xe4DD50osCo4sTkCaH082Ii3ZZzMvMZJ4QERXLBKdEGH3p5x6TAuAyoyNP6jfpfVideQCeSZgOfBwY82iFeGLDyof7HN+H8ADWOb/KmwjnKQ3PWNWVtrWe+njsuDkdCRZaRUvwggsz1VLsG41gz5CxYrxpwNPEbfelQMoy6rFASf1lKNFvhHkMzvhQnRb2gAP2cXSizEfPJVTEEuwBhK5BqaUAAAAgl5zLWoOI7lQKjTXF3AhbRJguHc/VVEjXuyX950Zdf9I=.
userA:
?OTR:AAIKAAAAwIJFBPsSOhCvqu9uZJUZP6qkbMaONxAhy/lF2n4AixoRc4xNlwkHSSSqO1x5OKwTUd/Nx/xCuCjcvq42dHFj2ajkZXUKRC8NbyZDuw+2DmQZaKZMkm2N0JY7sRAwcW+vkJ2uybdCqs6YXHLbhlvvxkWoiZFrz5LlHFPtIgQG9PL8Tr5bvk2jztm5vE0V0r/V5r7ePoYo7c1vzBr/R+TMthy78MCwO/9pqVN0LIsgZ1SyUiDhDHfRIvAg2IuLOfvknA==.
userB: see anything after I said window?
userA: no
userA: nothing
-----------------------------------------
At the least this causes the other machine to send out more packets than the
average user would know about; with a little thinking and just as many
resources this could be used as a distributed denial of service attack.
On the current version of Pidgin, when this was tested on several OSes it often
froze up the target's IM window for the duration of the attack, and sometimes the
entire system's performance suffered. While the attack was being performed the IM
window was unusable.
Side info: if you add or replace characters in the string and send it, it
will still work, but the new characters don't get repeated back the same in the
string.
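An added defender-side example, not part of the original post: the strings in the transcript begin with `?OTR:`, the prefix of an encoded Off-the-Record (OTR) message, and base64-decoding their first four characters gives protocol version 2 and message types 0x02 (D-H Commit, the AAIC string) and 0x0A (D-H Key, the AAIK reply), the first two steps of the OTR handshake, which an OTR-capable client answers automatically without showing anything to the user. The script below classifies such messages in a conversation log and flags a peer that keeps re-sending D-H Commits; the log lines, the `sender: body` log format and the flood threshold are constructed assumptions.

```python
import base64
import binascii
import re
from collections import Counter

# OTR message type bytes from the OTR protocol v2 specification.
OTR_TYPES = {0x02: "DH-Commit", 0x0A: "DH-Key", 0x11: "Reveal-Signature",
             0x12: "Signature", 0x03: "Data"}
# An encoded OTR message is "?OTR:<base64>." and its first 4 base64 characters
# hold the 2-byte protocol version followed by the 1-byte message type.
OTR_RE = re.compile(r"\?OTR:([A-Za-z0-9+/]{4})[A-Za-z0-9+/=]*\.")
LOG_RE = re.compile(r"^(?P<sender>[^:]+): (?P<body>.*)$")  # assumed log format

def parse_otr_header(text):
    """Return (version, type_name) if text carries an encoded OTR message."""
    m = OTR_RE.search(text)
    if not m:
        return None
    try:
        ver_hi, ver_lo, mtype = base64.b64decode(m.group(1), validate=True)
    except (binascii.Error, ValueError):
        return None
    return (ver_hi << 8) | ver_lo, OTR_TYPES.get(mtype, f"unknown-0x{mtype:02x}")

def find_handshake_floods(lines, threshold=3):
    """Senders whose DH-Commit count reaches the threshold. Every DH-Commit
    starts a new OTR handshake, and an OTR-capable client answers each one
    with a DH-Key automatically: that is the invisible echo described above."""
    commits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        parsed = parse_otr_header(m.group("body")) if m else None
        if parsed and parsed[1] == "DH-Commit":
            commits[m.group("sender")] += 1
    return {s: n for s, n in commits.items() if n >= threshold}

# Constructed sample log: the AAIC / AAIK headers match the advisory's strings;
# the rest of each base64 body is a shortened placeholder, not a real payload.
SAMPLE_LOG = [
    "userB: ok im going to send you the string",
    "userB: ?OTR:AAICAAAAxLWYQllUFJTneF0u.",
    "userA: ?OTR:AAIKAAAAwIJFBPsSOhCvqu9u.",
    "userB: ?OTR:AAICAAAAxLWYQllUFJTneF0u.",
    "userA: ?OTR:AAIKAAAAwIJFBPsSOhCvqu9u.",
    "userB: ?OTR:AAICAAAAxLWYQllUFJTneF0u.",
    "userA: no",
]
if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(line[:30], "->", parse_otr_header(line))
    print("flooding senders:", find_handshake_floods(SAMPLE_LOG))
```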
Discovered by Dan Shinn <danslo@xxxxxxxxx>
Testing by Rick Russel <noneck.net>